Bots are a big, growing problem. These automated software applications account for nearly half of all global web traffic, with 73% stemming from malicious bots, and it’s increasing 5% year on year. With the rise of AI, they will only grow in sophistication and attack velocity, requiring equally sophisticated defence mechanisms to fight them and accelerate the evolution away from outdated captcha forms.
BotGuard is that evolution.
Good bots, bad bots
There are broadly two sorts of bot traffic: good and bad. Good bots include search engine bots that index new content and site monitoring bots that analyse website performance. Bad bots engage in harmful activities, like competitive data mining, personal and financial data harvesting, brute-force logins, digital ad fraud, and denial of service.
The problem is that all bot traffic – good, bad, and in between – consumes bandwidth leading to additional server load, impeding critical services and causing outages. This is bad enough for domain owners, whose websites can go down or be compromised, but even worse for hosting service providers who are seeing their infrastructure running costs increase.
Democratising access to better web traffic
BotGuard was born out of this frustration, co-founders Nikita Rozenberg (CEO) and Denis Prochko (CTO) experiencing the bot problem first hand.
It all began as a side project. Denis had created a website focused on vegetarian diets with a lot of proprietary content – and then an army of scraper bots began to steal it all. Nik, starting his career in the ’90s as a web developer and spending two decades in the web hosting world, was also only too familiar with the problem. While there were plenty of tools on the market to deal with bots, they were all aimed at and priced for large enterprises. There were no affordable and effective tools for smaller players – a massive gap, given that 43% of cyber attacks are aimed at small businesses, and only 14% are prepared to defend themselves. So Denis created a prototype to solve the problem himself, and BotGuard was born.
The platform uses digital fingerprinting technology to intercept and selectively block potentially malicious web requests, adapting to the traffic patterns of a particular website in real time. It mirrors these requests in the BotGuard server for analysis, filtering out only the traffic that poses a threat and allowing legitimate requests through. As standard, about 80% of traffic gets blocked – the malicious bots – and then the last 20% comes down to the domain, so the domain owner can choose which “good” bots they want to allow on their website.
Targeting bots at the infrastructure layer
BotGuard stands out by tackling bots at the source. Rather than focusing on websites and domains, the product is designed specifically for the web clusters and data centres of hosting service providers (HSPs – think GoDaddy but smaller) and managed service providers (MSPs – typically digital agencies and consultancies) to block bots at the server level. And this makes sense: around 60% of bot traffic originates from data centres.
This approach not only reduces server load and traffic by up to 25%, cutting costs and improving service levels, but also extends the benefits of bot management to all domains on the network, democratising access to better web traffic.
This also creates a unique sales dynamic. For MSPs, BotGuard offers an avenue for additional recurring revenue by bundling bot management with their standard maintenance services. And HSPs become channel partners, able to upsell advanced features like dashboard and custom AI rules to their clients. They can differentiate their offerings while empowering end customers with more granular control over their own web traffic.
Fighting AI with AI
Bots are getting more sophisticated, with generative AI accelerating the trend. Using AI, bots can better learn and mimic human behavioural patterns – like how fast your cursor moves across the screen – and act autonomously, posing a more significant threat as they become increasingly indistinguishable from legitimate human users. Traditional defences like captcha forms, which also create high-friction user journeys for any website that with a sign up or payment flow, are becoming less effective against these evolving threats.
So BotGuard is building more sophisticated AI models and behavioural analytics tools to better detect and prevent these more sophisticated, AI-assisted attacks. Fighting AI with AI. And, looking ahead, this technology extends beyond mere defence.
Large language models (LLMs) typically depend on web scraping bots for their mass of training data – a live issue in the current discourse on AI and data regulation. BotGuard has the potential to allow domain owners to choose whether or not they want to block this sort of scraping or charge for access. If BotGuard cracks it, it would enable domain owners to not only protect but also profit from their websites and data, unlocking a completely new market and becoming an integral part of the regulatory infrastructure for AI.
An evolution in bot management
So we’re thrilled to be leading BotGuard’s €12 million Series A, alongside existing investors Tera Ventures and Expeditions Fund. This latest round will be instrumental in fueling BotGuard’s expansion – both technically and internationally. The team will use this funding to expand to the US, where bot traffic is a massive problem, invest in their AI capabilities to tackle the ever more sophisticated bot attacks, and lay the groundwork for new functionalities, including domain-level custom rules and monetisation opportunities for ‘good’ bots.
As a research-driven fund, we spent a lot of time researching the bot management space. After which, we concluded (much like Nik and Denis), that most existing solutions only catered to large enterprises at the domain layer, leaving the vast segment of small and mid-sized businesses and web hosts without adequate support. One of the things we love about the BotGuard team is their passion to build a secure internet that is accessible to everyone.
With its unique approach to bot management at the infrastructure layer, BotGuard is not just another cybersecurity product; it’s a fundamental shift in the way we protect and manage our digital ecosystem. And with their deep personal experience of the frustration and cost for domain owners, Nik, Denis and the team have the opportunity to build a platform that is truly indispensable to a previously underserved market.
This investment builds on our thesis of the growing need for security for AI solutions and the use of AI in security (keep an eye out for my colleague Advika’s next post on AI security research). I’ve personally backed the teams at Senseon (using AI to automate the process of threat detection, investigation and response) and Red Sift (using machine learning to prevent cyber attacks via email) as part of this trend.
If you’re building in this space, we’d love to hear from you!